Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2023-7153 |
|
Cross-Site Scripting (XSS) in macroturk (CVE-2023-7153)
cross-site scripting in macroturk (CVE-2023-7153). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-5806 |
|
SQL Injection in sqli (CVE-2023-5806)
SQL injection in sqli (CVE-2023-5806). Successful exploitation can lead to full system takeover.
|
| CVE-2023-35082 KEV |
|
[KEV] Authentication Bypass in Ivanti endpoint-manager-mobile-epmm-and-mobileiron-core (CVE-2023-35082)
authentication bypass in Ivanti endpoint-manager-mobile-epmm-and-mobileiron-core (CVE-2023-35082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-46952 |
|
Cross-Site Scripting (XSS) in abocms (CVE-2023-46952)
cross-site scripting in abocms (CVE-2023-46952). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
|
| CVE-2024-0519 KEV |
|
[KEV] Out-of-Bounds Write in Google chromium-v8 (CVE-2024-0519)
out-of-bounds write in Google chromium-v8 (CVE-2024-0519). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6548 KEV |
|
[KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548)
code injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6549 KEV |
|
[KEV] Buffer Overflow in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6549)
vulnerability in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6549). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-51810 |
|
SQL Injection in sqli (CVE-2023-51810)
SQL injection in sqli (CVE-2023-51810). Confidential information can be exposed externally.
|
| CVE-2018-15133 KEV |
|
[KEV] Unsafe Deserialization in laravel (CVE-2018-15133)
vulnerability in laravel (CVE-2018-15133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-46474 |
|
Unrestricted File Upload in sigb (CVE-2023-46474)
vulnerability in sigb (CVE-2023-46474). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50128 |
|
Vulnerability in hozard (CVE-2023-50128)
vulnerability in hozard (CVE-2023-50128). Data can be tampered with by attackers.
|
| CVE-2023-29357 KEV |
|
[KEV] Vulnerability in Microsoft sharepoint-server (CVE-2023-29357)
vulnerability in Microsoft sharepoint-server (CVE-2023-29357). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-46805 KEV |
|
[KEV] Authentication Bypass in Ivanti connect-secure-and-policy-secure (CVE-2023-46805)
authentication bypass in Ivanti connect-secure-and-policy-secure (CVE-2023-46805). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-21887 KEV |
|
[KEV] Command Injection in Ivanti connect-secure-and-policy-secure (CVE-2024-21887)
command injection in Ivanti connect-secure-and-policy-secure (CVE-2024-21887). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6129 |
|
Vulnerability in dos (CVE-2023-6129)
vulnerability in dos (CVE-2023-6129). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28975 |
|
Cross-Site Scripting (XSS) in infoblox (CVE-2022-28975)
cross-site scripting in infoblox (CVE-2022-28975). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-26999 |
|
XXE (XML External Entity) in dos (CVE-2023-26999)
vulnerability in dos (CVE-2023-26999). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27000 |
|
Cross-Site Scripting (XSS) in netscout (CVE-2023-27000)
cross-site scripting in netscout (CVE-2023-27000). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-27098 |
|
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
|
| CVE-2023-26998 |
|
Cross-Site Scripting (XSS) in netscout (CVE-2023-26998)
cross-site scripting in netscout (CVE-2023-26998). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-47890 |
|
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.
|
| CVE-2023-29300 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2023-29300)
vulnerability in Adobe coldfusion (CVE-2023-29300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38203 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2023-38203)
vulnerability in Adobe coldfusion (CVE-2023-38203). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23752 KEV |
|
[KEV] Vulnerability in Joomla! joomla (CVE-2023-23752)
vulnerability in Joomla! joomla (CVE-2023-23752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-27524 KEV |
|
[KEV] Vulnerability in Apache superset (CVE-2023-27524)
vulnerability in Apache superset (CVE-2023-27524). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-20017 KEV |
|
[KEV] Command Injection in D-link dsl-2750b-devices (CVE-2016-20017)
command injection in D-link dsl-2750b-devices (CVE-2016-20017). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-0241 |
|
Vulnerability in rails (CVE-2024-0241)
vulnerability in rails (CVE-2024-0241). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37607 |
|
Path Traversal in path-traversal (CVE-2023-37607)
path traversal in path-traversal (CVE-2023-37607). Confidential information can be exposed externally.
|
| CVE-2023-37608 |
|
Vulnerability in automaticsystems (CVE-2023-37608)
vulnerability in automaticsystems (CVE-2023-37608). Confidential information can be exposed externally.
|
| CVE-2020-26623 |
|
SQL Injection in sqli (CVE-2020-26623)
SQL injection in sqli (CVE-2020-26623). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-26624 |
|
SQL Injection in sqli (CVE-2020-26624)
SQL injection in sqli (CVE-2020-26624). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-26625 |
|
SQL Injection in sqli (CVE-2020-26625)
SQL injection in sqli (CVE-2020-26625). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-47458 |
|
Vulnerability in bladex (CVE-2023-47458)
vulnerability in bladex (CVE-2023-47458). Successful exploitation can lead to full system takeover.
|
| CVE-2024-0193 |
|
Use-After-Free in redhat (CVE-2024-0193)
vulnerability in redhat (CVE-2024-0193). Successful exploitation can lead to full system takeover.
|
| CVE-2023-6436 |
|
SQL Injection in sqli (CVE-2023-6436)
SQL injection in sqli (CVE-2023-6436). Successful exploitation can lead to full system takeover.
|
| CVE-2023-7101 KEV |
|
[KEV] Vulnerability in Spreadsheet::parseexcel spreadsheetparseexcel (CVE-2023-7101)
vulnerability in Spreadsheet::parseexcel spreadsheetparseexcel (CVE-2023-7101). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-7024 KEV |
|
[KEV] Out-of-Bounds Write in Google chromium-webrtc (CVE-2023-7024)
out-of-bounds write in Google chromium-webrtc (CVE-2023-7024). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-50651 |
|
OS Command Injection in totolink (CVE-2023-50651)
OS command injection in totolink (CVE-2023-50651). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4675 |
|
SQL Injection in sqli (CVE-2023-4675)
SQL injection in sqli (CVE-2023-4675). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4674 |
|
SQL Injection in sqli (CVE-2023-4674)
SQL injection in sqli (CVE-2023-4674). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-4541 |
|
SQL Injection in sqli (CVE-2023-4541)
SQL injection in sqli (CVE-2023-4541). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50470 |
|
Cross-Site Scripting (XSS) in seacms (CVE-2023-50470)
cross-site scripting in seacms (CVE-2023-50470). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-46987 |
|
Code Injection in seacms (CVE-2023-46987)
code injection in seacms (CVE-2023-46987). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4671 |
|
SQL Injection in sqli (CVE-2023-4671)
SQL injection in sqli (CVE-2023-4671). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4672 |
|
Cross-Site Scripting (XSS) in talentyazilim (CVE-2023-4672)
cross-site scripting in talentyazilim (CVE-2023-4672). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-6879 |
|
Vulnerability in aomedia (CVE-2023-6879)
vulnerability in aomedia (CVE-2023-6879). Successful exploitation can lead to full system takeover.
|
| CVE-2023-6190 |
|
Path Traversal in path-traversal (CVE-2023-6190)
path traversal in path-traversal (CVE-2023-6190). Successful exploitation can lead to full system takeover.
|
| CVE-2023-6145 |
|
SQL Injection in sqli (CVE-2023-6145)
SQL injection in sqli (CVE-2023-6145). Successful exploitation can lead to full system takeover.
|
| CVE-2023-6122 |
|
Cross-Site Scripting (XSS) in softomi (CVE-2023-6122)
cross-site scripting in softomi (CVE-2023-6122). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-5988 |
|
Cross-Site Scripting (XSS) in uyumsoft (CVE-2023-5988)
cross-site scripting in uyumsoft (CVE-2023-5988). Risk of unauthorized operations or information disclosure.
|